ABC4Trust - Attribute-based Credentials for Trust

Attribute-based Credentials for Trust (ABC4Trust) aims to deepen the understanding of attribute-based credential technologies, to enable their efficient and effective deployment in practice, and to foster their federation in different domains.

Almost all applications and services based on computer systems require some authentication of participants to establish trust relations. Given the weakness of simple authentication methods like password-based authentication, multiple alternate techniques have been developed to provide a higher degree of security. Cryptographic certificates are one known example of this. Although such certificates offer sufficient security for many purposes, they cannot be regarded as privacy-friendly.

Any usage of such a certificate may expose identity information of the holder (e.g. name and age) to the party requesting the authentication, and in various scenarios the user of such a certificate reveals more information than needed. For example, if proof is required that the user is of a given age or a student of a university, neither the identity nor the exact birth date needs to be known by the other party. Revealing more information than necessary not only harms the privacy of the users, but also increases the risk of information abuse (e.g. identity fraud) and furthermore enables linkability of the usages. Processing more data than necessary also violates the principles laid down in Art. 6 sec. 1 lit. c) and e) of the EU Data Protection Directive 95/46/EC.

ABC4Trust addresses the federation and "interchangeability" of technologies that support trustworthy yet privacy-preserving Attribute-based Credentials (Privacy ABCs). Privacy ABCs allow a holder to reveal and prove just the minimal information required by the application, without giving away full identifying information. They furthermore allow their holder to transform them into a presentation token providing only a subset of attribute values stored in the original credential while preserving a valid signature. These credentials thus facilitate the implementation of a trustworthy and at the same time privacy-protecting information society.

Policy context

Using certificates in typical federated identity management (IdM) architectures poses several risks to the privacy of the user (see Figure 1). Classical certificates, as commonly used within X.509 architectures, cannot be changed without invalidating the issuer's signature. This makes it impossible to strip off unnecessary personal information before presentation, forcing users to reveal more data than actually needed for the purpose.
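An added illustration of the contrast drawn above, not code from ABC4Trust, Identity Mixer or U-Prove: a credential signed over its attribute values fails verification once an attribute is stripped, while one signed over salted attribute digests can be presented with only a subset disclosed. The salted-digest construction and the HMAC standing in for the issuer's public-key signature are assumptions chosen so the example runs on the Python standard library; all names and sample values are constructed.

```python
import hashlib, hmac, json, secrets

# Assumption: HMAC stands in for the issuer's public-key signature (stdlib only).
ISSUER_KEY = secrets.token_bytes(32)  # constructed key

def _canon(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _sign(data: bytes) -> str:
    return hmac.new(ISSUER_KEY, data, hashlib.sha256).hexdigest()

def _digest(name, value, salt) -> str:
    return hashlib.sha256(_canon([salt, name, value])).hexdigest()

# Classical certificate: the signature covers every attribute value directly.
def issue_classical(attrs):
    return {"attrs": attrs, "sig": _sign(_canon(attrs))}

def verify_classical(cert) -> bool:
    return hmac.compare_digest(cert["sig"], _sign(_canon(cert["attrs"])))

# Selective disclosure: the signature covers salted digests, not the values.
def issue_selective(attrs):
    salts = {k: secrets.token_hex(16) for k in attrs}
    digests = sorted(_digest(k, v, salts[k]) for k, v in attrs.items())
    return {"attrs": attrs, "salts": salts, "digests": digests,
            "sig": _sign(_canon(digests))}

def present(cred, reveal):
    """Holder builds a token disclosing only the attributes named in `reveal`."""
    disclosed = {k: [cred["attrs"][k], cred["salts"][k]] for k in reveal}
    return {"digests": cred["digests"], "sig": cred["sig"], "disclosed": disclosed}

def verify_presentation(token):
    """Return the verified disclosed attributes, or None if any check fails."""
    if not hmac.compare_digest(token["sig"], _sign(_canon(token["digests"]))):
        return None
    verified = {}
    for name, (value, salt) in token["disclosed"].items():
        if _digest(name, value, salt) not in token["digests"]:
            return None  # disclosed value does not match a signed digest
        verified[name] = value
    return verified

# Constructed sample attributes
ATTRS = {"name": "Alice Example", "birth_date": "1999-04-01", "student": True}
```

Presentations of the same credential in this construction share one signature value and digest list, so they remain linkable to each other.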

Some federated IdM architectures, e.g. for single sign-on (SSO), require a communication of the user with the ID provider (IDP) as part of each authentication. This unintentionally reveals profiles of communication habits towards the IDP. Whenever the token request also contains information about the relying party, interest profiles of the user can be aggregated. Even worse from a privacy perspective are setups where the relying party (RP) directly communicates with the IDP (e.g. payment systems with real-time verification of the balance).

Due to their design, ABCs and the underlying cryptographic mechanisms are designated for building privacy-enhancing technologies. The aforementioned ABC4Trust pilots will utilize the technology for authentication by ABCs. In the following, the operation of ABCs will be illustrated showing the potential for privacy-enhancing authentication. ABC technology omits the risks identified for classical IdM infrastructures while preserving the advantages of federated IdM architectures.

Policy context of Privacy ABCs

As Privacy ABCs combine privacy-preserving with trustworthy and reliable authentication, the development done within ABC4Trust directly contributes to several Action Areas of the Digital Agenda, including the areas "Trust and security" and "Building digital confidence". The research done is closely related to the European data protection legislation, namely to the Directives 95/46/EC and 2002/58/EC as well as their enactments in member states' legislation.

Privacy ABCs, alone and together with other mature privacy-enhancing technologies (PETs), have a high potential to influence the ongoing development in the domain of data protection and privacy. This will influence the understanding and definition of what constitutes appropriate technical and organisational measures to ensure adequate data protection. Data controllers are already obliged under the current legal framework to implement such measures. When envisioning the future of data protection in Europe, due regard must be given to the current draft General Data Protection Regulation. According to Article 23 Para. 3 of the draft General Data Protection Regulation, the EU Commission will be empowered to adopt delegated acts further specifying measures and mechanisms ensuring adequate data protection. With Privacy ABCs available and ready for deployment, service providers can be requested to ensure privacy-preserving authentication and use of pseudonyms also in areas where a demand for trust and security exists on the side of the service provider.

The rapid development of electronic identification schemes across Europe has shown the need for trust and security for the users. Privacy ABCs could enhance upcoming generations of eIDs with more advanced and secure authentication features that preserve the privacy of the users. To this end, a deployment in the architectures of a potentially upcoming European citizen card as well as in several national eID initiatives may be possible.

Description of target users and groups

The technology developed and piloted within ABC4Trust addresses a wide variety of target groups. The technology is directly beneficial for all persons who need to securely authenticate themselves towards any kind of service while preserving as much anonymity and privacy as possible. Likewise, any entity that demands some kind of authentication can benefit from the enhanced trust relation with its users or better compliance with data protection legislation.

Description of the way to implement the initiative

ABC4Trust consists of 12 well-known partners from 5 EU Member States and Switzerland. All partners of the Consortium are well recognized players in their competence area.

In ABC4Trust the following two pilot trials are conducted:

Protecting the privacy of children in a school environment in Sweden will involve pseudonymous community access and social networking for pupils. This trial deals with online communication and exchange of sensitive personal concerns and advice between pupils and school personnel. Pupils will be able to seek advice from medical or pedagogical staff and other coaches inter alia on intimate questions related to their physical, psychological, social, financial, or other situation without necessarily revealing their true identity. They will also be enabled to communicate in restricted areas where access can be granted e.g. only to students of a certain age range and sex. This part of the trial benefits from the advantages of the ABC technology by allowing anonymous proofs of attribute values.

Course evaluation within universities will be the second trial of the project. It comprises the provision of credentials to the students of a Greek university that certify a number of facts about the students (e.g. year of study, major, percentage of attendance of a course, etc.). Eligible students will be able to anonymously provide feedback on courses and teachers they had during a semester by using the proper credentials.

By taking into account the collection of criteria and the implementation of necessary infrastructure (identity service provider, infrastructure to issue credentials, attribute databases, etc.), the evaluation of these pilots will provide a clear proof of concept of both the unified attribute-based credentials approach as well as the reference architecture, providing at the same time feedback for enhancements.

Technology solution

ABC4Trust aims at making Attribute-based Credentials interoperable by providing a unified architecture to deploy existing cryptographic solutions. The ABC4Trust architecture will be built into a reference implementation and tested within two pilot trials. ABC4Trust builds on the two available products in the field of Privacy ABCs: IBM's Identity Mixer and Microsoft's U-Prove. As these solutions are supported by two of the leading ICT companies, they are among the best candidates to provide input to standardization in this domain.

A contribution of this project to the state of the art will be the definition of such a common unified architecture for federating and interchanging different ABC systems in a way that:

users will be able to obtain credentials for different Privacy ABC technologies and use them indifferently on the same hardware and software platforms,

service providers will be able to adopt whatever Privacy ABC technology best suits their needs, and

identity service providers will be able to accept credentials under one Privacy ABC technology and issue corresponding ones under another ABC technology, again using the same hardware and software platforms.

ABC4Trust considers standardization to be a strong outreach activity, which has thus gained considerable attention from the project. The report "D8.4 Architecture for Standardisation V1" published by the project outlines the landscape of the relevant standardization bodies and projects, and takes first steps into looking into the viability of having an impact on the most relevant ones. In this regard, ABC4Trust has identified two groups of high relevance within ISO/IEC JTC 1/SC 27, namely Working Groups (WG) 2 and 5.

Taking from the results of the work done on the definition of the first version of the ABC4Trust architecture, the report addresses concrete proposals to three specific projects underway within WG 5, namely ISO/IEC 24760-2, ISO/IEC 29101 and ISO/IEC 29191.

"ISO/IEC 24760-2: Information technology - Security techniques - A framework for identity management - Part 2: Reference architecture and requirements" focuses on the description of the lifecycle model of identity information, providing guidelines for the implementation of systems for the management of identity information, and specifying requirements for the implementation and operation of a framework for identity management. The report suggests a number of improvements to the current working draft of ISO/IEC 24760-2. Additionally, ABC4Trust also presents a mapping of some of the terms used in the two (ABC4Trust and ISO/IEC 24760-2) architectures.

The report also presents the ABC4Trust Architecture in the spirit of the "ISO/IEC 29101: Information Technology - Security Techniques - Privacy Architecture Framework". The presented comparison takes the current version of the ABC4Trust architecture, adapting it to the structure and terminology of ISO/IEC 29101. This comparison outlines how the ABC4Trust architecture already implements many of the privacy-enhancing features by design, reducing the additional implementation burden for an application that uses this architecture to also comply with ISO/IEC 29101. In addition, the comparison presented here can also be used as an annex to the upcoming version of the ISO/IEC 29101.

Main results, benefits and impacts

The objectives of ABC4Trust are

to define a common, unified architecture for ABC systems to allow comparing their respective features and combining them on common platforms, and

to deliver open reference implementations of selected ABC systems and deploy them in actual production pilots supporting provably accredited members of restricted communities to provide anonymous feedback on their community or its members.

The results of the project will enable stakeholders to better understand privacy-preserving ABC technologies and to compare the relative merits of different technologies in different scenarios. ABC4Trust will launch trials deploying attribute-based credentials at a Greek university and a Swedish secondary school. For this ABC4Trust will deploy the existing Privacy ABC technologies by IBM (Identity Mixer) and Microsoft (U-Prove).

Results: Progress beyond the state of the art:

A first contribution of this project to the state of the art will be the definition of a common unified architecture for federating and interchanging different ABC systems.

A second contribution will be the elaboration of a metrics framework for comparing different ABC systems.

The project will provide reference implementations for the components defining an ABC system.

The project consortium will run the first ever pilots of ABC deployments in production environments.

ABC4Trust will keep the ecosphere of application developers as well as technology providers informed and aware of progress in making ABC systems usable.

The integration of legal experts into the technical work packages in the form of a horizontal activity will ensure that legal requirements are known to the researchers at an early stage and will shorten the paths for interdisciplinary exchange.

Impact:

ABC4Trust promotes European privacy values in infrastructures and provides opportunities to advance European technological leadership in this field.

ABC4Trust will support the future European Electronic Identity Management Infrastructure and e.g. the related European Large Scale Action (ELSA).

ABC4Trust's outcomes will help to increase productivity, stay ahead of non-EU competitors, and earn revenue with security and privacy-enhanced technologies.

ABC4Trust will enable new types of services and will clearly lower the threshold for hesitating individuals to partake in online interactions.

Track record of sharing

ABC4Trust understands dissemination as an important task that is continuously performed throughout the project's lifetime. Besides addressing the scientific and industry community, e.g. by contributing to conferences and scientific journals, the project undertakes dissemination actions to reach further relevant target audiences. Please refer to the section "Events" on the ABC4Trust website for past and upcoming events.

The project has established the ABC4Trust Reference Group with about 30 experts from industry, academia, data protection authorities, politics and NGOs. The Reference Group provides first feedback on the project's results and planned activities. Being relevant peers in their own groups, the members of the Reference Group also help disseminate the idea of Privacy ABCs within their respective groups.

The ABC4Trust project as a whole, individual partner organisations and single researchers have well-established contacts to relevant peer groups. These contacts are used for providing expertise to and gathering feedback from these peers. ABC4Trust has established contact with several related European and national research projects for a variety of activities such as joint workshops, organizing conference sessions or summer schools.

A selection of ABC4Trust predecessor projects and past cooperation partners

PHMethics - Interdisciplinary research to analyse the relationship between ethics, law and psychosocial as well as medical sciences

SSEDIC - Scoping the single European Digital Identity Community

SurPRISE - Surveillance, Privacy and Security

PRISMS - Privacy and Security Mirrors - Towards a European framework for integrated decision making

Lessons learnt

This field will be completed by the submitter when the lessons learnt have been identified and understood. It will include references to the project's reports with respective content. Such content is expected once the project's pilots are finished and the results have been analysed.